Microsoft has rolled out its August 2025 Patch Tuesday fixes, addressing a total of 107 vulnerabilities across its ecosystem.
This month’s release stands out for its sheer volume and the inclusion of 35 remote code execution (RCE) bugs, which could allow attackers to run malicious code on affected systems.
While none of these vulnerabilities are currently known to be exploited in the wild, the patches underscore the ongoing battle against evolving cyber threats.
The Microsoft security updates span a wide array of Microsoft products, from core Windows components to Office applications, Azure services, and even specialized tools like Exchange Server and SQL Server.
Security experts recommend immediate patching, especially for organizations relying on hybrid or cloud environments, as delays could expose systems to potential risks.
Critical Vulnerabilities Patched
Out of the 107 issues, 13 are rated Critical, the highest severity level, posing severe risks if left unaddressed. These primarily involve RCE vulnerabilities that could lead to complete system compromise.
| Severity / Impact | Remote Code Execution (RCE) | Elevation of Privilege (EoP) | Information Disclosure | Spoofing | Denial of Service (DoS) | Tampering | Total |
|---|---|---|---|---|---|---|---|
| Critical | 9 | 1 | 2 | 1 | 0 | 0 | 13 |
| Important | 26 | 38 | 14 | 7 | 5 | 1 | 91 |
| Moderate | 0 | 1 | 0 | 1 | 0 | 0 | 2 |
| Low | 0 | 0 | 0 | 1 | 0 | 0 | 1 |
| Total | 35 | 40 | 16 | 10 | 5 | 1 | 107 |
For instance, CVE-2025-50165 affects the Windows Graphics Component, enabling unauthorized code execution over a network via untrusted pointer dereferences. Similarly, CVE-2025-53766 targets GDI+ with a heap-based buffer overflow, allowing remote attacks.
Azure users should note CVE-2025-53781, a critical information disclosure flaw in Azure Virtual Machines that could leak sensitive data to unauthorized actors.
Another notable vulnerability is CVE-2025-48807 in Windows Hyper-V, which permits local code execution through improper endpoint restrictions.
These critical bugs highlight vulnerabilities in virtualization and cloud infrastructure, areas increasingly targeted by sophisticated adversaries.
The bulk of the patches, around 90, are classified as Important, covering a mix of elevation of privilege (EoP), denial of service (DoS), spoofing, and information disclosure issues.
EoP flaws dominate this category, with 35 instances allowing attackers to gain higher system privileges.
Examples include CVE-2025-53778 in Windows NTLM, which exploits improper authentication for network-based privilege escalation, and multiple SQL Server bugs like CVE-2025-49758, stemming from SQL injection weaknesses.
RCE vulnerabilities make up a notable 35 of the total, affecting products like Microsoft Office, Exchange Server, and Routing and Remote Access Service (RRAS).
In Office alone, flaws such as CVE-2025-53731 (use-after-free in Microsoft Office) and CVE-2025-53741 (heap-based buffer overflow in Excel) could enable local code execution if users open malicious files.
Windows RRAS sees several heap-based overflows, like CVE-2025-50160, potentially leading to remote exploits.
Lower-severity issues include two Moderate vulnerabilities, such as CVE-2025-53779 in Windows Kerberos involving relative path traversal for EoP, and one Low spoofing flaw in Microsoft Edge for Android (CVE-2025-49755). While less urgent, these still warrant attention to prevent cumulative risks.
This Patch Tuesday reveals recurring themes: use-after-free errors, heap overflows, and improper input validation appear frequently, particularly in legacy components like Win32k and Ancillary Function Drivers.
Microsoft also addressed a hybrid deployment vulnerability in Exchange Server (CVE-2025-53786), recommending users apply April 2025 hotfixes for enhanced security.
For IT administrators, prioritizing patches for internet-facing systems and critical infrastructure is essential.
Home users should enable automatic updates via Windows Update. Microsoft reports no active exploits as of August 12, 2025, but history shows that publicized vulnerabilities can quickly attract threat actors.
Microsoft Patch Tuesday August 2025 – Vulnerabilities list
| CVE | Vulnerability | Actively Exploited | Type | Severity |
|---|---|---|---|---|
| CVE-2025-53781 | Azure Virtual Machines Information Disclosure Vulnerability | No | Information Disclosure | Critical |
| CVE-2025-50165 | Windows Graphics Component Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-50176 | DirectX Graphics Kernel Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-50177 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-53731 | Microsoft Office Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-53733 | Microsoft Word Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-53740 | Microsoft Office Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-53766 | GDI+ Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-53778 | Windows NTLM Elevation of Privilege Vulnerability | No | Elevation of Privilege | Critical |
| CVE-2025-53784 | Microsoft Word Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-53793 | Azure Stack Hub Information Disclosure Vulnerability | No | Information Disclosure | Critical |
| CVE-2025-48807 | Windows Hyper-V Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-49707 | Azure Virtual Machines Spoofing Vulnerability | No | Spoofing | Critical |
| CVE-2025-53786 | Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-49751 | Windows Hyper-V Denial of Service Vulnerability | No | Denial of Service | Important |
| CVE-2025-49745 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | No | Spoofing | Important |
| CVE-2025-49758 | Microsoft SQL Server Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53727 | Microsoft SQL Server Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53729 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-33051 | Microsoft Exchange Server Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53730 | Microsoft Office Visio Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53741 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53759 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53760 | Microsoft SharePoint Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53761 | Microsoft PowerPoint Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-24999 | Microsoft SQL Server Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53772 | Web Deploy Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53773 | GitHub Copilot and Visual Studio Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-25005 | Microsoft Exchange Server Tampering Vulnerability | No | Tampering | Important |
| CVE-2025-25006 | Microsoft Exchange Server Spoofing Vulnerability | No | Spoofing | Important |
| CVE-2025-25007 | Microsoft Exchange Server Spoofing Vulnerability | No | Spoofing | Important |
| CVE-2025-49743 | Windows Graphics Component Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-49757 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-49759 | Microsoft SQL Server Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-49761 | Windows Kernel Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-49762 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-50153 | Desktop Windows Manager Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-50154 | Microsoft Windows File Explorer Spoofing Vulnerability | No | Spoofing | Important |
| CVE-2025-50156 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-50158 | Windows NTFS Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-50159 | Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-50160 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-50161 | Win32k Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-50162 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-50163 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-50164 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-50166 | Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-50167 | Windows Hyper-V Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-50168 | Win32k Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-50169 | Windows SMB Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-50170 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-50171 | Remote Desktop Spoofing Vulnerability | No | Spoofing | Important |
| CVE-2025-50172 | DirectX Graphics Kernel Denial of Service Vulnerability | No | Denial of Service | Important |
| CVE-2025-50173 | Windows Installer Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53131 | Windows Media Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53132 | Win32k Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53133 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53134 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53135 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53136 | NT OS Kernel Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53137 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53138 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53140 | Windows Kernel Transaction Manager Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53141 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53142 | Microsoft Brokering File System Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53143 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53144 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53145 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53147 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53148 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53149 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53151 | Windows Kernel Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53152 | Desktop Windows Manager Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53153 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53154 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53155 | Windows Hyper-V Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53156 | Windows Storage Port Driver Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53716 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | No | Denial of Service | Important |
| CVE-2025-53718 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53719 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53720 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53721 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53722 | Windows Remote Desktop Services Denial of Service Vulnerability | No | Denial of Service | Important |
| CVE-2025-53723 | Windows Hyper-V Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53724 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53725 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53726 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53728 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-47954 | Microsoft SQL Server Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53732 | Microsoft Office Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53734 | Microsoft Office Visio Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53735 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53736 | Microsoft Word Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53737 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53738 | Microsoft Word Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53739 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53765 | Azure Stack Hub Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53769 | Windows Security App Spoofing Vulnerability | No | Spoofing | Important |
| CVE-2025-50157 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-50155 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53783 | Microsoft Teams Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53788 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53789 | Windows StateRepository API Server file Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-49712 | Microsoft SharePoint Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-49755 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | No | Spoofing | Low |
| CVE-2025-53779 | Windows Kerberos Elevation of Privilege Vulnerability | No | Elevation of Privilege | Moderate |
| CVE-2025-49736 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | No | Spoofing | Moderate |
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!
